diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 93285f1..76d564a 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -15748,7 +15748,7 @@ index e100d88..d3b9fb4 100644
 + list_dirs_pattern($1, proc_t, userhelper_t)
 ')
 diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 8dbab4c..0c702e6 100644
+index 8dbab4c..e387939 100644
 --- a/policy/modules/kernel/kernel.te
 +++ b/policy/modules/kernel/kernel.te
 @@ -25,6 +25,9 @@ attribute kern_unconfined;
@@ -15789,20 +15789,20 @@ index 8dbab4c..0c702e6 100644
 genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
 +type proc_security_t, proc_type;
-+genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security_t:s0
-+genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security_t:s0
-+genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security_t:s0
-+genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security_t:s0
-+genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security_t:s0
-+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security_t:s0
-+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security_t:s0
++genfscon proc /sys/fs/protected_hardlinks gen_context(system_u:object_r:proc_security_t,s0)
++genfscon proc /sys/fs/protected_symlinks gen_context(system_u:object_r:proc_security_t,s0)
++genfscon proc /sys/fs/suid_dumpable gen_context(system_u:object_r:proc_security_t,s0)
++genfscon proc /sys/kernel/dmesg_restrict gen_context(system_u:object_r:proc_security_t,s0)
++genfscon proc /sys/kernel/kptr_restrict gen_context(system_u:object_r:proc_security_t,s0)
++genfscon proc /sys/kernel/modules_disabled gen_context(system_u:object_r:proc_security_t,s0)
++genfscon proc /sys/kernel/randomize_va_space gen_context(system_u:object_r:proc_security_t,s0)
 +
 +type usermodehelper_t, proc_type;
-+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper_t:s0
-+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper_t:s0
-+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper_t:s0
-+genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper_t:s0
-+genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper_t:s0
++genfscon proc /sys/kernel/core_pattern gen_context(system_u:object_r:usermodehelper_t,s0)
++genfscon proc /sys/kernel/hotplug gen_context(system_u:object_r:usermodehelper_t,s0)
++genfscon proc /sys/kernel/modprobe gen_context(system_u:object_r:usermodehelper_t,s0)
++genfscon proc /sys/kernel/poweroff_cmd gen_context(system_u:object_r:usermodehelper_t,s0)
++genfscon proc /sys/kernel/usermodehelper gen_context(system_u:object_r:usermodehelper_t,s0)
 +
 type proc_xen_t, proc_type;
 files_mountpoint(proc_xen_t)
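Review bot: `proc_security_t` and `usermodehelper_t` are declared with only the `proc_type` attribute, yet every path they label sits under /proc/sys. If the rest of the policy gives those nodes `sysctl_type` types (not visible in this hunk), rules granted through the sysctl attribute will stop covering these entries, and rules granted across `proc_type` will start to. No allow rules or interfaces for the two types appear here, so it is worth confirming elsewhere in the patch that write access to `usermodehelper_t` is limited to the domains that need it, since core_pattern, hotplug, modprobe and poweroff_cmd name helper programs the kernel runs. The same check applies to `proc_security_t`, whose entries are hardening switches such as kptr_restrict and randomize_va_space. A short comment above each type would record that intent, e.g. `# Hardening sysctls: writes weaken system-wide protections` and `# Paths of helpers the kernel executes: keep write access minimal`.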